{ lib, ... }:

let
  domain = "htpro.giugl.io";
  network = import ./network.nix;
in {
  services = {
    prowlarr.enable = true;

    nginx.virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:9696";
        extraConfig = ''
          allow 10.0.0.0/24;
          ${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}
          deny all;
        '';
      };

      #      locations."/api" = {
      #        proxyPass = "http://127.0.0.1:9696/prowlarr/api";
      #      };
      #
      #      locations."/Content" = {
      #        proxyPass = "http://127.0.0.1:9696/prowlarr/Content";
      #      };
    };
  };

  networking.extraHosts = ''
    ${network.architect-lan} ${domain}
    ${network.architect-wg} ${domain}
  '';

  users.groups.media.members = [ "prowlarr" ];
}